Add access control filtering of secret objects
authorDaniel P. Berrange <berrange@redhat.com>
Thu, 27 Jun 2013 11:12:30 +0000 (12:12 +0100)
committerDaniel P. Berrange <berrange@redhat.com>
Wed, 3 Jul 2013 14:54:53 +0000 (15:54 +0100)
Ensure that all APIs which list secret objects filter
them against the access control system.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
src/secret/secret_driver.c

index fbe49d704f3a68a049126c46fa3dea4f78f974f4..71b3fe752b94977cced85d8e37e0da4b47cccee4 100644 (file)
@@ -566,8 +566,11 @@ secretConnectNumOfSecrets(virConnectPtr conn)
     secretDriverLock(driver);
 
     i = 0;
-    for (secret = driver->secrets; secret != NULL; secret = secret->next)
-        i++;
+    for (secret = driver->secrets; secret != NULL; secret = secret->next) {
+        if (virConnectNumOfSecretsCheckACL(conn,
+                                           secret->def))
+            i++;
+    }
 
     secretDriverUnlock(driver);
     return i;
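Review bot: The per-secret `virConnectNumOfSecretsCheckACL()` call sits between `secretDriverLock(driver)` and `secretDriverUnlock(driver)`, so the driver lock is now held for one access-control decision per secret. If the backend behind that check can block (an out-of-process policy lookup, for example; not visible here), a single client counting many secrets would stall every other secret operation. The loops in secretConnectListSecrets and secretConnectListAllSecrets presumably have the same shape, though their locking is outside those hunks. At minimum, record the constraint above the loop, e.g. `/* ACL check runs under the driver lock: it must not block or call back into the secret driver */`. The start of the function is outside the hunk.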
@@ -590,6 +593,9 @@ secretConnectListSecrets(virConnectPtr conn, char **uuids, int maxuuids)
     i = 0;
     for (secret = driver->secrets; secret != NULL; secret = secret->next) {
         char *uuidstr;
+        if (!virConnectListSecretsCheckACL(conn,
+                                           secret->def))
+            continue;
         if (i == maxuuids)
             break;
         if (VIR_ALLOC_N(uuidstr, VIR_UUID_STRING_BUFLEN) < 0) {
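Review bot: The ACL check is placed ahead of `if (i == maxuuids) break;`, so once the caller's array is full the loop keeps calling `virConnectListSecretsCheckACL()` for each remaining secret until it reaches one the caller is allowed to see. Those extra lookups cannot change the result and, depending on the backend, may each cost a policy query or a denial log entry. Testing the limit first avoids them: move the `if (i == maxuuids)` / `break;` pair above the new check, or fold it into the loop condition as `secret != NULL && i < maxuuids`. A blank line after `char *uuidstr;` would also separate the declaration from the new statement. The loop body continues past the end of the hunk.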
@@ -666,6 +672,10 @@ secretConnectListAllSecrets(virConnectPtr conn,
     }
 
     for (entry = driver->secrets; entry != NULL; entry = entry->next) {
+        if (!virConnectListAllSecretsCheckACL(conn,
+                                              entry->def))
+            continue;
+
         /* filter by whether it's ephemeral */
         if (MATCH(VIR_CONNECT_LIST_SECRETS_FILTERS_EPHEMERAL) &&
             !((MATCH(VIR_CONNECT_LIST_SECRETS_EPHEMERAL) &&
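Review bot: The new ACL filter at the top of the loop has no comment, while the filter that follows it is labelled (`/* filter by whether it's ephemeral */`). A matching line such as `/* skip secrets the caller is not permitted to see */` above the check would make it clear that denied entries are dropped silently from the result rather than reported as an error. The loop body continues past the end of the hunk.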